#!/bin/bash

ROOT_PATH=$(cd $(dirname $0) && pwd);

apt -y install prosody

cd /usr/lib/prosody/modules/
wget https://hg.prosody.im/prosody-modules/raw-file/tip/mod_log_auth/mod_log_auth.lua -O mod_log_auth.lua
wget https://hg.prosody.im/prosody-modules/raw-file/tip/mod_post_msg/mod_post_msg.lua -O mod_post_msg.lua

cp $ROOT_PATH/cfg/prosody.cfg.lua /etc/prosody/conf.d/$(hostname -f).cfg.lua

#chmod 777 /etc/prosody/conf.d/jf.cfg.lua
service prosody restart
echo prosody adduser srv@jf.me
prosodyctl adduser srv@jf.me
echo prosody adduser cli@jf.me
prosodyctl adduser cli@jf.me

### iptables ###

iptables -A INPUT -m tcp -p tcp --dport 2225 -j ACCEPT

netfilter-persistent save

### fail2ban ###

sh -c "echo '
# Fail2Ban configuration file for prosody authentication
[Definition]
failregex = Failed authentication attempt \(not-authorized\) for user .* from IP: <HOST>
ignoreregex =
' > /etc/fail2ban/filter.d/prosody-auth.conf"

sh -c "echo '
[prosody-auth]
enabled = true
port    = 5222,2225
filter  = prosody-auth
logpath = /var/log/prosody/prosody*.log
maxretry = 5
bantime = 24h
findtime = 5m
' > /etc/fail2ban/jail.d/prosody-auth.conf"

service fail2ban restart
